strange tcp behavior; all systems except 1 connect to ubuntu on google compute engine
Gary Aitken
ubuntu at dreamchaser.org
Wed Dec 9 19:53:12 UTC 2020
I'm trying to debug a situation where tcp conversation started from a single
machine in my home/work network are ignored by a google compute engine
running ubuntu. I get the same behavior from two different systems, one
a long established system running ubuntu 16.04 and another newly minted one
running ubuntu 18.04. I used to be able to connect to the 16.04 system ok.
Topology:
A fbsd -------\
C fbsd firewalll/gateway -- Google cloud -- D ubuntu
B ms-win-10 --/
If I request an SSH or HTTP/HTTPS session on D from machine A I get no
response. A tcpdump on D shows the initial syn packet arriving, but
there is no reply.
An HTTP/HTTPS request from B or C to D succeeds.
Using the web-based console interface for the account on GCE for machine D,
a request to display an SSH session shows up (that's how I can get the
tcpdump).
I see the above behavior for two different machines D, one a long-established
ubuntu 16.04 where this used to work, and one a newly spawned ubuntu 18.04.
There are no special firewall rules on machine D (either one); the general
rules set up when the VM was created allowing HTTP, HTTPS, and SSH access
are there with no further holes/blocks.
If I turn on DEBUG logging for sshd on machine D, there is no information
written to the log when the request comes in; it's as if it came in and was
immediately dropped.
Machines A and B have private IP addrs, but a non-private IP addr is
specifically mapped to A by ipfw rules in C. B is mapped to a specific
IP addr used for all other internal machines, and C has its own IP addr.
Since I see the request to open a connection at D, I *think* it should have
nothing to do with my internal firewall rules; but I can't think of what
could be preventing machine D from responding.
What could be preventing machine D from answering a request by machine
A, when a similar request from B or C works?
What do ubuntu systems, particularly those for GCE, use for packet filtering?
Why would I see the packet come in, but there is no trace of it in
/var/log/auth.log (for ssh requests) or /var/log/apache2/access.log or
error.log (for http/s) requests)?
Thanks for any clues,
Gary
More information about the ubuntu-users
mailing list